Open letter rejects government crackdown on encryption

More than 130 NGOs and advocacy organisations from around the world have signed an open letter calling on governments to reject policies that undermine the use and effectiveness of encryption.

“Encryption tools, technologies, and services are essential to protect against harm and to shield our digital infrastructure and personal communications from unauthorized access,” states the letter published online at Securetheinternet.org.

A number of Australian organisations have signed the letter, including the Australian Privacy Foundation, Electronic Frontiers Australia (EFA), Future Wise, Australian Lawyers for Human Rights and Blueprint for Free Speech.

Other signatories include Amnesty International, the American Civil Liberties Union, the Electronic Frontier Foundation, the Electronic Privacy Information Center, Human Rights Watch and the Tor Project.

“We encourage you to support the safety and security of users by strengthening the integrity of communications and systems,” the letter states.

Governments should not limit access to encryption or the implementation of encryption technologies, the letter states.

In addition, governments should not mandate the inclusion of ‘backdoors’ in software or services and should not undermine encryption standards.

“Governments should not, either by private or public agreement, compel or pressure an entity to engage in activity that is inconsistent with the above tenets,” the letter states.

Governments and politicians around the world have targeted access to encryption in the name of national security.

“The SIGINT Enabling Project actively engages the US and foreign IT industries to covertly influence and/or overtly leverage their commercial products' designs,” the document, made public in September 2013, states.

“These design changes make the systems in question exploitable through SIGINT collection ... with foreknowledge of the modification. To the consumer and other adversaries, however, the systems' security remains intact.”

“In this way, the SIGINT Enabling approach uses commercial technology and insight to manage the increasing cost and technical challenges of discovering and successfully exploiting systems of interest within the ever-more integrated and security-focused global communications environment,” the document states.

In the UK, tech companies have raised concerns over a draft Investigatory Powers Bill in part because of its perceived potential to undermine encryption.

A submission by Facebook, Google, Microsoft, Twitter and Yahoo to a parliamentary committee examining the bill stated that the companies “believe that encryption is a fundamental security tool, important to the security of the digital economy as well as crucial to ensuring the safety of web users worldwide”.

“We reject any proposals that would require companies to deliberately weaken the security of their products via backdoors, forced decryption, or any other means,” the submission states.

“We therefore have concerns that the Bill includes ‘obligations relating to the removal of electronic protection applied by a relevant operator to any communication or data’ and that these are explicitly intended to apply extraterritorially with limited protections for overseas providers.

"We appreciate the statements in the Bill and by the Home Secretary that the Bill is not intended to weaken the use of encryption, and suggest that the Bill expressly state that nothing in the Bill should be construed to require a company to weaken or defeat its security measures.”

In the US a number of the candidates seeking nomination for president have expressed misgivings over the potential national security implications of access to encryption.

There is a challenge to strike the “right balance of protecting privacy and security,” Hillary Clinton, who is seeking the Democratic nomination, said in a speech last year.

"We should take the concerns of law enforcement and counter-terrorism professionals seriously. They have warned that impenetrable encryption may prevent them from accessing terrorist communications and preventing a future attack," Clinton said.

“They are even more important in other parts of the world, where expressing an opinion can get your arrested or worse. It is not possible to weaken this security in the name of catching criminals without compromising their effectiveness for everyone.”

“Calls to undermine encryption in the name of ‘national security’ are fundamentally misguided and dangerous,” said EFA executive officer Jon Lawrence.

“Encryption is a necessary and critical tool enabling individual privacy, a free media, online commerce and the operations of organisations of all types, including of course government agencies.

“Undermining encryption therefore represents a serious threat to national security in its own right, as well as threatening basic human rights and the enormous economic and social benefits that the digital revolution has brought for people across the globe.”

Copyright 2018 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.